Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allows remote attackers to inject arbitrary web script or HTML via the rollid parameter.

Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.

Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter.

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and (3) lowerTemplate parameters.